
1. Safety Critical Element (SCE)
Any part of the facilities whose failure could cause or contribute substantially to a Major Accident Hazard (MAH), or whose purpose is to limit the effects of a Major Accident Hazard. There are two types of Safety Critical Element:
- Preventive SCE: those which prevent an MAH, such as Fire and Gas Detectors, Toxic Gas Detectors, etc.
- Mitigation SCE: those which intervene passively or actively to limit the effects of an MAH, such as Active Fire Protection, Passive Fire Proofing, etc.
2. List of Emergency Safety Critical Systems in a typical Refinery or Oil/Gas Plant
| Integrity Barrier | Safety and Environment Critical Elements |
| --- | --- |
| Structural Integrity | Foundation Structures; Surface Structures; Occupied Buildings |
| Protection Systems | Passive and Active Fire Protection Systems; Layout and Segregation; Explosion Protection; Fire Water Pumps |
| Detection Systems | Fire and Gas Detection; Corrosion Monitoring Equipment |
| Shutdown Systems (Isolation and Blow-Down Systems) | ESD (Emergency Shutdown) system, including IPF (Instrumented Protective Function) and HIPPS (High Integrity Pressure Protection System); Depressurization System; Equipment Isolation; Piping Isolation; ROVs (Remote Operated Valves) and SDVs (Shutdown Valves); ESDVs (Emergency Shutdown Valves) |
| Emergency Response | Protection Systems as above; Escape and Evacuation Routes; Emergency/Escape Lighting; Communication Systems; UPS (Uninterruptible Power Supply); Emergency Power; Spill Kits |
3. Emergency Safety Critical System Safety Analysis
This study analyses the Safety Critical Emergency Systems as placed in the plant design and operations, assesses their ability to complete their intended functions in the event of a major accident during operation of the facility, and provides guidance and recommendations to enhance the survivability of the emergency systems.
4. Safety Critical System Analysis Objectives
The objectives include the following:
- Identify and describe all the emergency systems in the HSECES (Health, Safety, Environment, Critical Element Systems) list and performance standards that are designed to reduce the risk to personnel following an event, while they are engaged in command, control, escape and evacuation processes.
- Assess the potential for impairment of the emergency systems' ability to withstand MAHs for sufficient time to allow them to complete their designated functions.
- Recommend potential risk reduction options where necessary, in order to increase the survivability and level of integrity of the emergency systems.
5. Documents Required for an ESSA Study
1. Project Safety Philosophy
2. Design Basis for Active Fire Protection and Passive Fire Protection
3. Specification of Safety Equipment & Safety Signs
4. Fire, Explosion and Toxic Gas Risk Assessment Report
5. Relief, Flare & Blow-down Philosophy
6. Emergency Shutdown Philosophy
7. Safety Studies Assumption Register
8. HAZID report
9. Quantitative Risk Analysis (QRA) Report (H2S Zoning)
10. Escape, Evacuation and Rescue Analysis (EERA)
11. Escape Route – Fire Fighting & Safety Equipment, Emergency Escape Route Layout
12. Fire Alarm System Block Diagram
13. Fire Alarm Plot Plan
14. PA/GA Plot Plan
15. Cable specifications
16. F&G panel specifications
17. 3D F&G Mapping Study Report
18. Fire Safety Assessment (FSA) Study Report
19. Overall firefighting underground pipe network system
20. Fire Fighting P&ID for Deluge System
21. Fire Fighting and Safety Equipment Layout
22. Electrical Design Basis
23. Specification for Control & Instrumentation Cable
24. F&G Detectors and Manual Call Point Layout
25. Plot Plan for Plant
26. Single Line Diagram for AC UPS in Substation
27. Drain & Vent Philosophy
6. ESSA Steps
1. System Review: assess safety systems for vulnerabilities under specific MAH scenarios.
2. Fail-Safe Mechanism Evaluation: ensure systems automatically shift to a safe mode and maintain functionality during emergencies.
3. Redundancy Analysis: verify whether backup mechanisms are sufficient to ensure system reliability in the event of component failure.
4. Diversity Assessment: explore alternative approaches or components to enhance system robustness where redundancy is insufficient.
5. Survivability Testing: conduct detailed tests to evaluate system performance under credible MAH scenarios.
6. Impairment Criteria Assessment: analyse factors such as thermal radiation, explosion overpressure and smoke that could impair system functionality.
7. Propose Enhancements: recommend measures to address weaknesses and improve system survivability.
7. Impairment and Vulnerability Criteria
The following impairment and vulnerability criteria for emergency systems are considered, based on the related COMPANY Procedure on Hazards and Effects Management Process, where applicable.
- Thermal Radiation: a radiation level of 12.5 kW/m².
- Flame Length: jet flame length impairment for structures and PFP.
- Flash Fire: impairment due to flash fire is assessed on the basis of the vulnerability of each emergency system to flash fire. As a flash fire lasts only a few seconds, it is assumed that only emergency systems containing combustible material (such as non-fire-rated electrical components) will be affected.
- Explosion: explosion is not considered as a vulnerability criterion for the ESSA study. As per the project philosophy, the plant structure (except the complex building and the lab) is not designed for explosion.
- The 12.5 kW/m² thermal radiation contours and the LFL contours corresponding to a 1E-4 per year frequency are taken from the FSA study.
Based on the above, the vulnerability assessment considers the following major accident impacts:
- Process fire (thermal radiation from a jet or pool fire; a flash fire can burn back and be followed by a jet or pool fire)
- Building fire (cellulosic fire, cable fire, where applicable)
- Unignited gas release (flammable or toxic gas release)
8. ESSA Methodology
The methodology follows a systematic process in which the performance of each emergency system component is assessed against each identified Major Accident Hazard (MAH) scenario. The details given here are in line with the COMPANY Procedure on Hazards and Effects Management Process.
The overall approach used in the ESSA can be summarised as follows:
- MAHs are identified from a review of project documents, e.g. the HAZID, QRA, FSA and FETRA study reports.
- Emergency systems are assessed against each MAH defined on the basis of the COMPANY Specification on HSE Case and the project Bow-Tie diagrams.
- Identify the function, constituent parts and location of each Emergency System and summarise the design intent.
- Detail the performance criteria for each Emergency System in terms of survivability.
- Determine the vulnerability of each Emergency System as a whole, and of its various parts, in each of the MAEs (Major Accident Events) it is designed to mitigate.
- If vulnerable, determine whether the Emergency System is fail safe, e.g. whether an Emergency Shutdown Valve (ESDV) closes automatically on loss of signal.
- For vulnerable Emergency Systems that are not fail safe, determine the available redundancy, e.g. duplicate components, alternative systems providing similar functions, etc.; and
- Identify any critical Emergency System inadequacies and potential modifications to the system design.
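To make the screening sequence concrete, the following is an added example (not from this page or its author) that encodes the Section 7 impairment criteria and the Section 8 vulnerable / fail safe / redundant / acceptable sequence in Python. The components, heat flux values and protection flags are constructed assumptions modelled on the 9.1 table; only the 12.5 kW/m² threshold comes from the page.

```python
from dataclasses import dataclass
from typing import Optional

THERMAL_IMPAIRMENT_KW_M2 = 12.5   # Section 7 thermal radiation criterion

@dataclass
class Component:
    name: str
    combustible: bool           # e.g. non-fire-rated electrical parts
    fire_protected: bool        # PFP, fire-resistant cable, inerted LER, etc.
    fail_safe: Optional[bool]   # None = not applicable to this component
    redundant: Optional[bool]   # duplicate components / alternative systems

@dataclass
class Exposure:
    mae: str
    thermal_kw_m2: float = 0.0  # incident heat flux at the item (constructed value)
    flash_fire: bool = False    # item lies inside the LFL contour

def is_vulnerable(c: Component, e: Exposure) -> bool:
    """Section 7 criteria: impaired at >= 12.5 kW/m2 unless fire protected; a flash
    fire only impairs combustible, unprotected items; an unignited release impairs none."""
    if c.fire_protected:
        return False
    if e.thermal_kw_m2 >= THERMAL_IMPAIRMENT_KW_M2:
        return True
    return e.flash_fire and c.combustible

def assess(c: Component, e: Exposure) -> dict:
    """Section 8 screening: vulnerable? -> fail safe? -> redundant? -> acceptable?"""
    row = {"component": c.name, "mae": e.mae, "vulnerable": False,
           "fail_safe": "NA", "redundant": "NA", "acceptable": True}
    if not is_vulnerable(c, e):
        return row                         # survives the MAE unaided
    row["vulnerable"] = True
    row["fail_safe"] = bool(c.fail_safe)
    if c.fail_safe:
        return row                         # moves to the safe state on damage
    row["redundant"] = bool(c.redundant)
    row["acceptable"] = bool(c.redundant)  # neither fail safe nor redundant: inadequacy
    return row

# Constructed cases: a fire-proofed BDV actuator and a fire-resistant cable as in 9.1,
# plus an unrated cable that the screening should flag for modification.
BDV = Component("BDV actuator", combustible=False, fire_protected=True, fail_safe=True, redundant=None)
RATED_CABLE = Component("fire-resistant cable", combustible=False, fire_protected=True, fail_safe=None, redundant=None)
BARE_CABLE = Component("unrated control cable", combustible=True, fire_protected=False, fail_safe=None, redundant=False)
PROCESS_FIRE = Exposure("Process fire", thermal_kw_m2=37.5)
GAS_RELEASE = Exposure("Unignited gas release")
```

Calling `assess(BARE_CABLE, PROCESS_FIRE)` returns an unacceptable row, which is the "critical inadequacy" the final methodology step asks the analyst to record, while the protected items reproduce the "No / NA / NA / Yes" pattern of the tables below.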
9. Worked Examples of ESSA
9.1 Emergency Depressurisation and Flare Systems
| Component | MAE | Vulnerable? | Fail Safe? | Redundant? | Acceptable? |
| --- | --- | --- | --- | --- | --- |
| BDV Valves/Actuators | Process Fire | No (¥) | NA (ŧ) | NA | Yes |
| BDV Valves/Actuators | Unignited gas release | No | NA | NA | Yes |
| Cables | Process Fire | No (#) | NA (ŧ) | NA | Yes |
| Cables | Unignited gas release | No | NA | NA | Yes |
| Panels | Process/Building Fire | No (%) | NA (ŧ) | NA | Yes |
| Panels | Unignited gas release | No | NA | NA | Yes |
| Flares including headers | Process Fire | No (β) | NA | NA | Yes |
| Flares including headers | Unignited gas release | No | NA | NA | Yes |
(¥) Fire-safe BDVs. BDV actuators that fall within the fire-proofing zone / fire scenario envelope are fire-proofed.
(ŧ) The blow-down system fails to the safe position in the event of damage to the power, control signal or actuator motive system.
(#) Fire-resistant cable.
(%) LER buildings are protected by an inert gas fire suppression system.
(β) Flare header supports located within the fire impact area are fire-proofed.
9.2 Active Fire Fighting Components
| Component | MAE | Vulnerable? | Fail Safe? | Redundant? | Acceptable? |
| --- | --- | --- | --- | --- | --- |
| FW Tanks | Process Fire | No | Yes | Yes | Yes |
| FW Tanks | Unignited Vapor | No | NA | Yes | Yes |
| FW Pumps | Process Fire | No (ŧ) | NA | Yes | Yes |
| FW Pumps | Unignited release | No | NA | NA | Yes |
| Ring Main | Process Fire | No (%) | NA | NA | Yes |
| Ring Main | Unignited gas release | No | NA | NA | Yes |
| Fire Foam Monitors | Process Fire | No | NA | NA | Yes |
| Fire Foam Monitors | Unignited gas release | No | NA | NA | Yes |
| Fire Foam Hydrants | Process Fire | No | NA | NA | Yes |
| Fire Foam Hydrants | Unignited gas release | No | NA | NA | Yes |
| Foam Extinguishing System | Process Fire | No | NA | NA | Yes |
| Foam Extinguishing System | Unignited gas release | No | NA | Yes | Yes |
| Steam Suppressing System | Process Fire | No | NA | NA | Yes |
| Steam Suppressing System | Unignited gas release | No | NA | Yes | Yes |
| | Unignited gas release | No | NA | NA | Yes |
(ŧ) Duty pumps are 2 × 50% electrically driven and standby pumps are 2 × 50% diesel driven, hence redundant.
(%) Underground ring main.
For any comment, query or clarification, please contact:
Krishn Kumar Bhatnagar,
Process and Process Safety Consultant,
Noida, India,
+919650584384